What are the correct profile redirect permissions.

I'm trying to find someone that is familiar and has a server that uses "profile redirect".  Currently, any user can go into the folder redirect share and see everyone files.  Which I do believe is wrong.  The security group for the profile redirect has full access on the root folder to the folder redirect which must be propagating to all child folders.  Can someone verify with their own profile redirect what level of permission the security group has.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

clarify redirecting the user folders?
or the user profiles.
parent directory should only have administrators rights, the difficulty deals with how you create the user folders. simple way is to when adding the user, mapping the homedir for the user which will create the user folder in the share with the user as the owner.

profile redirect is a different situation.
Usually the root where the user profiles will be stored need to have everyone write access. The user profile when copied will only have the user as owner. A GPO computer setting to add access for administrators is needed if that is needed.

The user created profiles in the share, do not have inherit from parent permissions.

\\domain\userprofiles needs to have share domain users/everyone full and security settings for domain users\everyone full.

\\domain\userfolders share permissions domain users/administrators full, security settings administrators full. other wise, the redirect will not complete until an administrator creates a directory for the user with user having full rights to it.
David Johnson, CD, MVPOwnerCommented:
base folder permissions: i.e. c:\shares\users\
Remove inheritance
icacls.exe C:\Shares\Users /inheritance:d
Remove users to stop nosy users
icacls.exe C:\Shares\Users /remove:g Users
icacls.exe C:\Shares\Users /grant Everyone:(x,ra,ad)
    Give “Everyone” execute/traverse (x), read attributes (ra), and append data/add subdirectory (ad). After running the command, your permissions should look like this:
    Administrators (Full Control) – This folder, sub-folders, and files
    SYSTEM (Full Control) – This folder, sub-folders, and files
    CREATOR OWNER (Full Control) – Sub-folders, and files
    Everyone (Special – Traverse Folder/Execute File, Read Attributes, Create Folders/Append Data) – This folder only


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.